
26 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 4 : samba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - samba: insecure wide links default CVE-2010-0926 Note that Nessus has not tested for this issue but has instead...

CVSS 3.5, AI score 6.6, EPSS 0.3053
Exploits 6, References 1

SUSE CVE
added 2023/02/15 6:0 a.m., 5 views

SUSE CVE-2010-0926

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create...

CVSS 3.5, AI score 7.1, EPSS 0.3053
Exploits 6, References 8

Samba
added 2022/10/25 12:0 a.m., 35 views

Wide links protection broken

Description Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd...

CVSS 6.5, AI score 0.3, EPSS 0.02431
Exploits 0

Veracode
added 2020/04/10 1:11 a.m., 25 views

Information Disclosure

samba is vulnerable to information disclosure. The vulnerability exists as the default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system...

CVSS 3.5, AI score 1.5, EPSS 0.3053
Exploits 6, References 38, Affected Software 1

RedhatCVE
added 2020/04/05 5:1 a.m., 38 views

CVE-2019-10197

A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share. Mitigation The following methods can be used as a mitigation only...

CVSS 9.1, AI score 0.8, EPSS 0.03182
Exploits 0, References 4

IBM Security Bulletins
added 2019/10/24 8:33 a.m., 25 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-10197)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote attacker to bypass security restrictions and gain access to the contents of directories outside of the share. Vulnerability Details In IBM Spectrum Scale by default wide links are forced ...

CVSS 9.1, AI score 0.5, EPSS 0.03182
Exploits 0, Affected Software 1

seebug.org
added 2017/03/28 12:0 a.m., 393 views

Samba: symlink race permits opening files outside share directory (CVE-2017-2619)

The Samba server is supposed to only grant access to the configured share directories unless the "wide links" are enabled, in which case the server is allowed to follow symlinks. The default since CVE-2010-0926 is that wide links are disabled. smbd ensures that it isn't following symlinks by...

CVSS 3.5, AI score 7.8, EPSS 0.3053
Exploits 7

0day.today
added 2017/03/28 12:0 a.m., 248 views

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Vulnerability

Exploit for multiple platform in category remote exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to follow symlink...

AI score 8, EPSS 0.3053
Exploits 7

RedHat Linux
added 2012/02/21 2:22 a.m., 3 views

samba: insecure "wide links" default

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create...

CVSS 3.5, AI score 5.9, EPSS 0.3053
Exploits 6, References 4

RedHat Linux
added 2012/02/21 2:22 a.m., 47 views

Low: Red Hat Security Advisory: samba security, bug fix, and enhancement update

Updated samba packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 3.5, AI score 7, EPSS 0.3053
Exploits 6, References 2

OpenVAS
added 2012/02/21 12:0 a.m., 32 views

RedHat Update for samba RHSA-2012:0313-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 3.5, AI score 6.5, EPSS 0.3053
Exploits 6, References 2

Tenable Nessus
added 2010/10/11 12:0 a.m., 45 views

SuSE 10 Security Update : Samba (ZYPP Patch Number 6921)

With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files CVE-2010-0926. This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

CVSS 3.5, AI score 7.5, EPSS 0.3053
Exploits 7, References 4

Prion
added 2010/06/17 4:30 p.m., 23 views

Default configuration

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926...

CVSS 3.5, AI score 6, EPSS 0.3053
Exploits 6, References 6, Affected Software 2

Cvelist
added 2010/06/17 4:0 p.m., 29 views

CVE-2010-1381

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926...

AI score 6.8, EPSS 0.01495
Exploits 0, References 6

CVE
added 2010/06/17 4:0 p.m., 59 views

CVE-2010-1381

CVE-2010-0926 concerns Samba smbd configurations that enable wide links, allowing remote authenticated users to traverse directories and access arbitrary files via symlinks. Affected are Samba versions prior to 3.3.11, 3.4.x prior to 3.4.6, and 3.5.x prior to 3.5.0rc3 when a writable share exists...

CVSS 3.5, AI score 6.6, EPSS 0.01495
Exploits 0, References 6, Affected Software 2

Tenable Nessus
added 2010/04/09 12:0 a.m., 37 views

SuSE 10 Security Update : Samba (ZYPP Patch Number 6920)

With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files CVE-2010-0926. This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

CVSS 3.5, AI score 7.5, EPSS 0.3053
Exploits 7, References 4

Tenable Nessus
added 2010/04/09 12:0 a.m., 35 views

SuSE9 Security Update : Samba (YOU Patch Number 12595)

With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files CVE-2010-0926. This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

CVSS 3.5, AI score 7.5, EPSS 0.3053
Exploits 7, References 4

OpenVAS
added 2010/03/31 12:0 a.m., 33 views

Ubuntu Update for samba vulnerability USN-918-1

Ubuntu Update for Linux kernel vulnerabilities USN-918-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9181.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for samba vulnerability USN-918-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS 3.5, AI score 7.6, EPSS 0.3053
Exploits 6, References 2

Tenable Nessus
added 2010/03/25 12:0 a.m., 38 views

openSUSE Security Update : cifs-mount (cifs-mount-2128)

With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files CVE-2010-0926. This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

CVSS 3.5, AI score 7.5, EPSS 0.3053
Exploits 7, References 4

Tenable Nessus
added 2010/03/25 12:0 a.m., 35 views

openSUSE Security Update : cifs-mount (cifs-mount-2128)

With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files CVE-2010-0926. This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

CVSS 3.5, AI score 7.5, EPSS 0.3053
Exploits 7, References 4